<?php

  //////////////////////////////////////////////////////////////////
  // OrbitFAQ                                                     //
  // ---------                                                    //
  //                                                              //
  // Orbit FAQ was solely written and developed by Orbit Services //
  // http://www.orbitservices.net                                 //
  //                                                              //
  // Access the Forum here:                                       //
  // http://forums.orbitservices.net/index.php?c=4                //
  //                                                              //
  // OrbitFAQ utilises the following opensource projects/classes; //
  //  + Fckeditor - http://www.fckeditor.net                      //
  //  + Smarty Template Engine - http://smarty.php.net            //
  //  + Swift Email Class - http://www.swiftmailer.org/           //
  //  + OWASP PHP Filter Project - http://www.owasp.org           //
  //  + MySQL Search Class by Stephen Bartholomew                 //
  //                                                              //
  //////////////////////////////////////////////////////////////////

  $smarty->assign("OrbitFAQTitle","User Management");

  if($action != '')
    {
      $smarty_template_file = "$AdminFullPath/skins/$AdminSkin/mod_". $mod ."_". $action .".tpl";

      if($action == 'create')
        {

          if($posted == 'yes')
            {

              $posted_fullname = strip_tags($_POST['posted_fullname']);
              $posted_login = fsanitize_email($_POST['posted_login']);
              $validate_email = checkEmail($posted_login);
              $posted_phone = strip_tags($_POST['posted_phone']);
              $posted_occupation = strip_tags($_POST['posted_occupation']);
              $posted_country = strip_tags($_POST['posted_country']);
              $posted_city = strip_tags($_POST['posted_city']);
              $posted_msn = strip_tags($_POST['posted_msn']);
              $posted_groups = $_POST['posted_groups'];

              $generated_password = makeRandomPassword();
              $encrypted_generated_password = md5($generated_password);

              // Check if our email is in the system already
              $query_login = "SELECT * from `orbitfaq_users` WHERE `login` = '$posted_login'";
              $result_login = $faqsql_query ($query_login)OR DIE( "$sql_query_error $query_login");
              $count_login = $faqsql_count_rows($result_login);

              if(!$posted_fullname){ $error .= " &raquo; You did not enter a <u>Full Name</u><br />"; }
              if(!$posted_login){ $error .= " &raquo; You did not enter an <u>Email Address</u><br />"; }
              if($validate_email == '0'){ $error .= " &raquo; You did not enter a <u>Valid Email Address</u><br />"; }
              if($count_login != '0'){ $error .= " &raquo; You did not enter a <u>Unique Email Address</u>, maybe you should try the Forgotten Password Option<br />"; }

                if(!$error)
                  {

                    $register_date = date("Y-m-d H:i:s");

                    $query_add = "INSERT INTO `orbitfaq_users` (
                        `f_id`,
                        `login`,
                        `fullname`,
                        `password`,
                        `phone`,
                        `msn`,
                        `country`,
                        `city`,
                        `occupation`,
                        `register_date`,
                        `skin`
                      )VALUES(
                        '0',
                        '$posted_login',
                        '$posted_fullname',
                        '$encrypted_generated_password',
                        '$posted_phone',
                        '$posted_msn',
                        '$posted_country',
                        '$posted_city',
                        '$posted_occupation',
                        '$register_date',
                        '$DefaultSkinOnReg'
                      );

                    ";
                    $result_add = $faqsql_query ($query_add)OR DIE( "$sql_query_error $query_add");
                    $user_id = $faqsql_insertid();


                    if($posted_groups != '')
                      {
                        foreach($posted_groups as $groupacl)
                          {
                              // Put in our managed FAQs
                              $query_addacl = "INSERT INTO `orbitfaq_users_groups` (
                                  `u_id`,
                                  `g_id`
                                )VALUES(
                                  '$user_id',
                                  '$groupacl'
                                );

                              ";
                              $result_addacl = $faqsql_query ($query_addacl)OR DIE( "$sql_query_error $query_addacl");
                          }
                      }

                    // Get our email address and email them the notice

                    $OurMessage = "<font face='verdana'>You were registered manually at <b>$OrbitFAQTitle</b><br /><br />";
                    $OurMessage .= "You are almost able to start using this system, but first you must validate this request<br />";
                    $OurMessage .= "Go to the following link to validate your registration<br />";
                    $OurMessage .= "$FaqAddress/members.php?action=validate&l=$posted_login&k=$encrypted_generated_password<br />";
                    $OurMessage .= "Once validated you can login using the following crudentials<br />";
                    $OurMessage .= "Login: $posted_login<br />";
                    $OurMessage .= "Password: $generated_password<br /><br />";
                    $OurMessage .= "Regards,<br /><b>OrbitFAQ Mailer</b>";

                    $OurTxtMessage = "You were registered manually at $OrbitFAQTitle\n\n";
                    $OurTxtMessage .= "You are almost able to start using this system, but first you must validate this request\n";
                    $OurTxtMessage .= "Go to the following link to validate your registration\n";
                    $OurTxtMessage .= "$FaqAddress/members.php?action=validate&l=$posted_login&k=$encrypted_generated_password\n\n";
                    $OurTxtMessage .= "Once validated you can login using the following crudentials\n";
                    $OurTxtMessage .= "Login: $posted_login\n";
                    $OurTxtMessage .= "Password: $generated_password\n\n";
                    $OurTxtMessage .= "Regards,\nOrbitFAQ Mailer\n";

                    // Lets check that they are using swift
                    // if version is ok then use swift
                    if(($phpv == '4')OR($phpv == '5'))
                      {
                        $swift =& new Swift(new Swift_Connection_SMTP("$smtp_hostname"));

                        if($email_format == 'text/html')
                          {
                            $RealMessage = $OurMessage;
                          }
                        else
                          {
                            $RealMessage = $OurTxtMessage;
                          }

                        //Create the message
                        $message =& new Swift_Message("$OrbitFAQTitle Registration", "$RealMessage", $email_format);

                        //Now check if Swift actually sends it
                        !$swift->send($message, $posted_login, "$default_email");
                      }
                    // if not then we will just use PHP mail functions.
                    else
                      {
                        $headers = "From: $default_email\r\n";
                        mail( $posted_login, "$OrbitFAQTitle Registration", $OurTxtMessage, $headers );
                      }

                    clearSmartyCompiled($SmartyCompileDir, $ClearSmartyCompiled);

                    $message = "User Was Successfully Created and they will receive an Email shortly!";
                    header("Location: index.php?mod=$mod&message=$message");

                    exit;

                  }

                $smarty->assign("posted_fullname","$posted_fullname");
                $smarty->assign("posted_login","$posted_login");
                $smarty->assign("posted_phone","$posted_phone");
                $smarty->assign("posted_msn","$posted_msn");
                $smarty->assign("posted_country","$posted_country");
                $smarty->assign("posted_city","$posted_city");
                $smarty->assign("posted_occupation","$posted_occupation");
                $smarty->assign("Errors","$error");



            }

                $query_groups = "SELECT * from orbitfaq_groups ORDER BY title";
                $result_groups = $faqsql_query ($query_groups)OR DIE( "$sql_query_error $query_groups");

                while ($row_groups = $faqsql_fetch_array ($result_groups)){
                  $group_id = $row_groups[0];
                  $group_title = $row_groups[1];

                  if($posted_groups != '')
                    {
                        if(in_array($group_id, $posted_groups))
                          {
                            $group_selected = 'selected';
                          }
                        else
                          {
                            $group_selected = '';
                          }

                    }
                  else
                    {
                      // Check if the admin has access
                      $query_groupacl = "SELECT * from orbitfaq_groups WHERE id = $group_id AND grantonreg = '1'";
                      $result_groupsacl = $faqsql_query ($query_groupacl)OR DIE( "$sql_query_error $query_groupacl");
                      $count_groupsacl = $faqsql_count_rows($result_groupsacl);

                      if($count_groupsacl != '0')
                        {
                          $group_selected = 'selected';
                        }
                      else
                        {
                          $group_selected = '';
                        }
                    }

                       // Build Smarty Content Array
                       $smarty_grouppd_array[] = array(
                          "group_id" => "$group_id",
                          "group_title" => "$group_title",
                          "group_selected" => "$group_selected"
                        );

                  }

                // Send our Smarty Data
                $smarty->assign('GroupPulldown',$smarty_grouppd_array);


      } // End Create
      if($action == 'createmany')
        {

          if($posted == 'yes')
            {
              $posted_login = $_POST['posted_login'];
              $posted_groups = $_POST['posted_groups'];

              if($posted_login)
                {

                  $emails = split(",","$posted_login");
                  foreach($emails as $email_address)
                    {
                      $email_address = trim($email_address);
                      $validate_email = checkEmail($email_address);
                      $generated_password = makeRandomPassword();
                      $encrypted_generated_password = md5($generated_password);

                      // Check if our email is in the system already
                      $query_login = "SELECT * from `orbitfaq_users` WHERE `login` = '$email_address'";
                      $result_login = $faqsql_query ($query_login)OR DIE( "$sql_query_error $query_login");
                      $count_login = $faqsql_count_rows($result_login);

                      if(!$email_address){ $error .= " &raquo; You did not enter an <u>Email Address</u><br />"; }
                      if($validate_email == '0'){ $error .= " &raquo; You did not enter a <u>Valid Email Address</u><br />"; }
                      if($count_login != '0'){ $error .= " &raquo; You did not enter a <u>Unique Email Address</u>, maybe you should try the Forgotten Password Option<br />"; }

                        if(!$error)
                          {

                            $register_date = date("Y-m-d H:i:s");

                            $query_add = "INSERT INTO `orbitfaq_users` (
                                `f_id`,
                                `login`,
                                `fullname`,
                                `password`,
                                `phone`,
                                `msn`,
                                `country`,
                                `city`,
                                `occupation`,
                                `register_date`,
                                `skin`
                              )VALUES(
                                '0',
                                '$email_address',
                                '$email_address',
                                '$encrypted_generated_password',
                                '',
                                '',
                                '',
                                '',
                                '',
                                '$register_date',
                                '$DefaultSkinOnReg'
                              );

                            ";
                            $result_add = $faqsql_query ($query_add)OR DIE( "$sql_query_error $query_add");
                            $user_id = $faqsql_insertid();


                            if($posted_groups != '')
                              {
                                foreach($posted_groups as $groupacl)
                                  {
                                      // Put in our managed FAQs
                                      $query_addacl = "INSERT INTO `orbitfaq_users_groups` (
                                          `u_id`,
                                          `g_id`
                                        )VALUES(
                                          '$user_id',
                                          '$groupacl'
                                        );

                                      ";
                                      $result_addacl = $faqsql_query ($query_addacl)OR DIE( "$sql_query_error $query_addacl");
                                  }
                              }

                            // Get our email address and email them the notice

                            $OurMessage = "<font face='verdana'>You were registered manually at <b>$OrbitFAQTitle</b><br /><br />";
                            $OurMessage .= "You are almost able to start using this system, but first you must validate this request<br />";
                            $OurMessage .= "Go to the following link to validate your registration<br />";
                            $OurMessage .= "$FaqAddress/members.php?action=validate&l=$email_address&k=$encrypted_generated_password<br />";
                            $OurMessage .= "Once validated you can login using the following crudentials<br />";
                            $OurMessage .= "Login: $email_address<br />";
                            $OurMessage .= "Password: $generated_password<br /><br />";
                            $OurMessage .= "Regards,<br /><b>OrbitFAQ Mailer</b>";

                            $OurTxtMessage = "You were registered manually at $OrbitFAQTitle\n\n";
                            $OurTxtMessage .= "You are almost able to start using this system, but first you must validate this request\n";
                            $OurTxtMessage .= "Go to the following link to validate your registration\n";
                            $OurTxtMessage .= "$FaqAddress/members.php?action=validate&l=$email_address&k=$encrypted_generated_password\n\n";
                            $OurTxtMessage .= "Once validated you can login using the following crudentials\n";
                            $OurTxtMessage .= "Login: $email_address\n";
                            $OurTxtMessage .= "Password: $generated_password\n\n";
                            $OurTxtMessage .= "Regards,\nOrbitFAQ Mailer\n";

                            // Lets check that they are using swift
                            // if version is ok then use swift
                            if(($phpv == '4')OR($phpv == '5'))
                              {
                                $swift =& new Swift(new Swift_Connection_SMTP("$smtp_hostname"));

                                if($email_format == 'text/html')
                                  {
                                    $RealMessage = $OurMessage;
                                  }
                                else
                                  {
                                    $RealMessage = $OurTxtMessage;
                                  }

                                //Create the message
                                $message =& new Swift_Message("$OrbitFAQTitle Registration", "$RealMessage", $email_format);

                                //Now check if Swift actually sends it
                                !$swift->send($message, $email_address, "$default_email");
                              }
                            // if not then we will just use PHP mail functions.
                            else
                              {
                                $headers = "From: $default_email\r\n";
                                mail( $email_address, "$OrbitFAQTitle Registration", $OurTxtMessage, $headers );
                              }

                          }
                        else
                          {
                            $overall_errors = "At least one of the emails addresses entered we invalid or already existed in the database.<br />Please check the users that have been created against your list!";
                          }

                        $error = '';

                    }

                if($overall_errors)
                  {
                    $message = $overall_errors;
                  }
                else
                  {
                    $message = "Users were Successfully Created and they will receive an Email shortly!";
                  }

                header("Location: index.php?mod=$mod&message=$message");
                exit;

              }
            else
              {

                $error = " &raquo; No Emails Were Submitted!";
              }

            }

                $query_groups = "SELECT * from orbitfaq_groups ORDER BY title";
                $result_groups = $faqsql_query ($query_groups)OR DIE( "$sql_query_error $query_groups");

                while ($row_groups = $faqsql_fetch_array ($result_groups)){
                  $group_id = $row_groups[0];
                  $group_title = $row_groups[1];

                  if($posted_groups != '')
                    {
                        if(in_array($group_id, $posted_groups))
                          {
                            $group_selected = 'selected';
                          }
                        else
                          {
                            $group_selected = '';
                          }

                    }
                  else
                    {
                      // Check if the admin has access
                      $query_groupacl = "SELECT * from orbitfaq_groups WHERE id = $group_id AND grantonreg = '1'";
                      $result_groupsacl = $faqsql_query ($query_groupacl)OR DIE( "$sql_query_error $query_groupacl");
                      $count_groupsacl = $faqsql_count_rows($result_groupsacl);

                      if($count_groupsacl != '0')
                        {
                          $group_selected = 'selected';
                        }
                      else
                        {
                          $group_selected = '';
                        }
                    }

                       // Build Smarty Content Array
                       $smarty_grouppd_array[] = array(
                          "group_id" => "$group_id",
                          "group_title" => "$group_title",
                          "group_selected" => "$group_selected"
                        );

                  }

                // Send our Smarty Data
                $smarty->assign('Errors',$error);
                $smarty->assign('GroupPulldown',$smarty_grouppd_array);


      } // End Create Many
    elseif($action == 'modify')
      {
        if($user != '')
          {

          if($posted == 'yes')
            {

              $posted_id = sanitize_paranoid_string($_POST['posted_id']);
              $posted_fullname = strip_tags($_POST['posted_fullname']);
              $posted_login = fsanitize_email($_POST['posted_login']);
              $validate_email = checkEmail($posted_login);
              $posted_phone = strip_tags($_POST['posted_phone']);
              $posted_occupation = strip_tags($_POST['posted_occupation']);
              $posted_country = strip_tags($_POST['posted_country']);
              $posted_city = strip_tags($_POST['posted_city']);
              $posted_msn = strip_tags($_POST['posted_msn']);

              // Check if our email is in the system already
              $query_login = "SELECT * from `orbitfaq_users` WHERE `login` = '$posted_login' AND `id` != '$posted_id'";
              $result_login = $faqsql_query ($query_login)OR DIE( "$sql_query_error $query_login");
              $count_login = $faqsql_count_rows($result_login);

              if(!$user){ $error .= " &raquo; We are having a problem finding your user id<br />"; }
              if(!$posted_id){ $error .= " &raquo; We are having a problem finding your user id<br />"; }
              if(!$posted_fullname){ $error .= " &raquo; You did not enter a <u>Full Name</u><br />"; }
              if(!$posted_login){ $error .= " &raquo; You did not enter an <u>Email Address</u><br />"; }
              if($validate_email == '0'){ $error .= " &raquo; You did not enter a <u>Valid Email Address</u><br />"; }
              if($count_login != '0'){ $error .= " &raquo; You did not enter a <u>Unique Email Address</u>, maybe you should try the Forgotten Password Option<br />"; }


              if(!$error)
                {

                  $query_update = "UPDATE `orbitfaq_users` SET
                        `login` = '$posted_login',
                        `fullname` = '$posted_fullname',
                        `phone` = '$posted_phone',
                        `msn` = '$posted_msn',
                        `country` = '$posted_country',
                        `city` = '$posted_city',
                        `occupation` = '$posted_occupation'
                      WHERE `id` = '$posted_id'
                    ;

                  ";

                  $result_update = $faqsql_query ($query_update)OR DIE( "$sql_query_error $query_update");

                    if($posted_groups != '')
                      {

                        // Delete Our Users ACL
                        $query_delete = "DELETE FROM `orbitfaq_users_groups` WHERE `u_id` = '$posted_id';";
                        $result_delete = $faqsql_query ($query_delete)OR DIE( "$sql_query_error $query_delete");

                        foreach($posted_groups as $groupacl)
                          {
                              // Put in our managed FAQs
                              $query_addacl = "INSERT INTO `orbitfaq_users_groups` (
                                  `u_id`,
                                  `g_id`
                                )VALUES(
                                  '$posted_id',
                                  '$groupacl'
                                );

                              ";
                              $result_addacl = $faqsql_query ($query_addacl)OR DIE( "$sql_query_error $query_addacl");
                          }
                      }

                  clearSmartyCompiled($SmartyCompileDir, $ClearSmartyCompiled);

                  $message = "User Was Successfully Modified!";
                  header("Location: index.php?mod=$mod&message=$message");

                  exit;

                }
              else
                {

                  $query_groups = "SELECT * from orbitfaq_groups ORDER BY title";
                  $result_groups = $faqsql_query ($query_groups)OR DIE( "$sql_query_error $query_groups");

                  while ($row_groups = $faqsql_fetch_array ($result_groups)){
                    $group_id = $row_groups[0];
                    $group_title = $row_groups[1];

                    if($posted_groups != '')
                      {
                          if(in_array($group_id, $posted_groups))
                            {
                              $group_selected = 'selected';
                            }
                          else
                            {
                              $group_selected = '';
                            }

                      }

                     // Build Smarty Content Array
                     $smarty_grouppd_array[] = array(
                        "group_id" => "$group_id",
                        "group_title" => "$group_title",
                        "group_selected" => "$group_selected"
                      );

                    }

                  // Send our Smarty Data
                  $smarty->assign('GroupPulldown',$smarty_grouppd_array);

                  $smarty->assign("posted_id","$posted_id");
                  $smarty->assign("posted_fullname","$posted_fullname");
                  $smarty->assign("posted_login","$posted_login");
                  $smarty->assign("posted_phone","$posted_phone");
                  $smarty->assign("posted_msn","$posted_msn");
                  $smarty->assign("posted_country","$posted_country");
                  $smarty->assign("posted_city","$posted_city");
                  $smarty->assign("posted_occupation","$posted_occupation");
                  $smarty->assign("Errors","$error");


                }

            }
          else
            {

              $query_login = "SELECT * from `orbitfaq_users` WHERE `id` = '$user'";
              $result_login = $faqsql_query ($query_login)OR DIE( "$sql_query_error $query_login");
              $count_login = $faqsql_count_rows($result_login);

              while ($row_login = $faqsql_fetch_array ($result_login)){
                $login_id = $row_login[0];
                $posted_login = $row_login[2];
                $posted_fullname = $row_login[3];
                $posted_phone = $row_login[5];
                $posted_msn = $row_login[6];
                $posted_country = $row_login[7];
                $posted_city = $row_login[8];
                $posted_occupation = $row_login[9];

              }

              $query_groups = "SELECT * from orbitfaq_groups ORDER BY title";
              $result_groups = $faqsql_query ($query_groups)OR DIE( "$sql_query_error $query_groups");

              while ($row_groups = $faqsql_fetch_array ($result_groups)){
                $group_id = $row_groups[0];
                $group_title = $row_groups[1];

                    // Check if the admin has access
                    $query_groupacl = "SELECT * from orbitfaq_users_groups WHERE g_id = $group_id AND u_id = '$user'";
                    $result_groupsacl = $faqsql_query ($query_groupacl)OR DIE( "$sql_query_error $query_groupacl");
                    $count_groupsacl = $faqsql_count_rows($result_groupsacl);

                    if($count_groupsacl != '0')
                      {
                        $group_selected = 'selected';
                      }
                    else
                      {
                        $group_selected = '';
                      }

                     // Build Smarty Content Array
                     $smarty_grouppd_array[] = array(
                        "group_id" => "$group_id",
                        "group_title" => "$group_title",
                        "group_selected" => "$group_selected"
                      );

                }

              // Send our Smarty Data
              $smarty->assign('GroupPulldown',$smarty_grouppd_array);

              $smarty->assign("posted_id","$login_id");
              $smarty->assign("posted_fullname","$posted_fullname");
              $smarty->assign("posted_login","$posted_login");
              $smarty->assign("posted_phone","$posted_phone");
              $smarty->assign("posted_msn","$posted_msn");
              $smarty->assign("posted_country","$posted_country");
              $smarty->assign("posted_city","$posted_city");
              $smarty->assign("posted_occupation","$posted_occupation");
              $smarty->assign("Errors","$error");

            }

          }
        else
          {
            clearSmartyCompiled($SmartyCompileDir, $ClearSmartyCompiled);

            $message = "You Did Not Enter a Valid FAQ Id!";
            header("Location: index.php?mod=$mod&message=$message");
          }
      } // End Modify

    elseif($action == 'delete')
      {
        if($user != '')
          {

          if($posted == 'yes')
            {

              $posted_confirmation = sanitize_paranoid_string($_POST['posted_confirmation']);
              $posted_id = sanitize_paranoid_string($_POST['posted_id']);

              $smarty->assign("posted_faq","$posted_faq");
              $smarty->assign("posted_id","$posted_id");

              if($posted_confirmation == '0'){ $error .= " &raquo; You did not select an appropriate <u>Confirmation</u><br />"; }
              if(!$posted_id){ $error .= " &raquo; We are having a problem finding your user id<br />"; }

              if(!$error)
                {

                  // Delete Our Users ACL
                  $query_delete = "DELETE FROM `orbitfaq_users_groups` WHERE `u_id` = '$posted_id';";
                  $result_delete = $faqsql_query ($query_delete)OR DIE( "$sql_query_error $query_delete");

                  // Delete Our FAQ
                  $query_delete = "DELETE FROM `orbitfaq_users` WHERE `id` = '$posted_id';";
                  $result_delete = $faqsql_query ($query_delete)OR DIE( "$sql_query_error $query_delete");

                  clearSmartyCompiled($SmartyCompileDir, $ClearSmartyCompiled);

                  $message = "User was Successfully Deleted!";
                  header("Location: index.php?mod=$mod&message=$message");

                  exit;

                }

            }

              $query_users = "SELECT * from orbitfaq_users WHERE id = '$user'";
              $result_users = $faqsql_query ($query_users)OR DIE( "$sql_query_error $query_users");

              while ($row_users = $faqsql_fetch_array ($result_users)){
                $users_id = $row_users[0];
                $users_f_id = $row_users[1];
                $users_login = $row_users[2];
                $users_fullname = $row_users[3];
                $users_phone = $row_users[5];
                $users_msn = $row_users[6];
                $users_country = $row_users[7];
                $users_city = $row_users[8];
                $users_occupation = $row_users[9];
                $users_last_login = $row_users[10];
                $users_register_date = $row_users[11];
                $users_status = $row_users[12];
                $users_accesslvl = $row_users[13];

                // Assign our smarty details
                $smarty->assign("Errors","$error");
                $smarty->assign("posted_id","$users_id");
                $smarty->assign("posted_fullname","$users_fullname");



            }

          }
        else
          {
            clearSmartyCompiled($SmartyCompileDir, $ClearSmartyCompiled);
            $message = "You Did Not Enter a Valid FAQ Id!";
            header("Location: index.php?mod=$mod&message=$message");
          }
      } // End Delete

    elseif($action == 'chstatus')
      {
        if($user != '')
          {

            if($posted != '')
              {
                $query_update_order = "UPDATE `orbitfaq_users` SET status = $posted WHERE `id` = '$user';";
                $result_update_order = $faqsql_query ($query_update_order)OR DIE( "$sql_query_error $query_update_order");

                clearSmartyCompiled($SmartyCompileDir, $ClearSmartyCompiled);

                $message = "You Have Successfully Changed the User Status!";
                header("Location: index.php?mod=$mod&message=$message");
                exit;

              }

          }
        else
          {
            clearSmartyCompiled($SmartyCompileDir, $ClearSmartyCompiled);
            $message = "You Did Not Enter a Valid User Id!";
            header("Location: index.php?mod=$mod&message=$message");
            exit;
          }
      } // End Move

    elseif($action == 'chaccesslvl')
      {
        if($user != '')
          {

            if($posted != '')
              {
                $query_update_order = "UPDATE `orbitfaq_users` SET accesslvl = '$posted' WHERE `id` = '$user';";
                $result_update_order = $faqsql_query ($query_update_order)OR DIE( "$sql_query_error $query_update_order");

                clearSmartyCompiled($SmartyCompileDir, $ClearSmartyCompiled);

                $message = "You Have Successfully Changed the User Access Level!";
                header("Location: index.php?mod=$mod&message=$message");
                exit;
              }

          }
        else
          {
            clearSmartyCompiled($SmartyCompileDir, $ClearSmartyCompiled);

            $message = "You Did Not Enter a Valid User Id!";
            header("Location: index.php?mod=$mod&message=$message");
            exit;
          }
      } // End Change Access Level

    elseif($action == 'resetpwd')
      {
        if($user != '')
          {

          if($posted == 'yes')
            {

              $posted_confirmation = sanitize_paranoid_string($_POST['posted_confirmation']);

              if($posted_confirmation == '0'){ $error .= " &raquo; You did not select an appropriate <u>Confirmation</u><br />"; }

              if(!$error)
                {

                    $query_users = "SELECT * from orbitfaq_users WHERE id = '$user'";
                    $result_users = $faqsql_query ($query_users)OR DIE( "$sql_query_error $query_users");

                    while ($row_users = $faqsql_fetch_array ($result_users)){
                      $users_id = $row_users[0];
                      $users_f_id = $row_users[1];
                      $users_login = $row_users[2];
                      $users_fullname = $row_users[3];
                      $users_phone = $row_users[5];
                      $users_msn = $row_users[6];
                      $users_country = $row_users[7];
                      $users_city = $row_users[8];
                      $users_occupation = $row_users[9];
                      $users_last_login = $row_users[10];
                      $users_register_date = $row_users[11];
                      $users_status = $row_users[12];
                      $users_accesslvl = $row_users[13];
                    }

                    $generated_password = makeRandomPassword();
                    $encrypted_generated_password = md5($generated_password);

                    $OurMessage = "<font face='verdana'>Your password was reset by the Administrator at <b>$OrbitFAQTitle</b><br /><br />";
                    $OurMessage .= "You can now login using the following crudentials<br />";
                    $OurMessage .= "Login: $users_login<br />";
                    $OurMessage .= "Password: $generated_password<br /><br />";
                    $OurMessage .= "Regards,<br /><b>OrbitFAQ Mailer</b>";

                    $OurTxtMessage = "Your password was reset by the Administrator at $OrbitFAQTitle\n\n";
                    $OurTxtMessage .= "You can now login using the following crudentials\n";
                    $OurTxtMessage .= "Login: $users_login\n";
                    $OurTxtMessage .= "Password: $generated_password\n\n";
                    $OurTxtMessage .= "Regards,\nOrbitFAQ Mailer\n";

                    // Lets check that they are using swift
                    // if version is ok then use swift
                    if(($phpv == '4')OR($phpv == '5'))
                      {
                        $swift =& new Swift(new Swift_Connection_SMTP("$smtp_hostname"));

                        if($email_format == 'text/html')
                          {
                            $RealMessage = $OurMessage;
                          }
                        else
                          {
                            $RealMessage = $OurTxtMessage;
                          }

                        //Create the message
                        $message =& new Swift_Message("$OrbitFAQTitle Password Reset", "$RealMessage", $email_format);

                        //Now check if Swift actually sends it
                        !$swift->send($message, $users_login, "$default_email");
                      }
                    // if not then we will just use PHP mail functions.
                    else
                      {
                        $headers = "From: $default_email\r\n";
                        mail( $users_login, "$OrbitFAQTitle Password Reset", $OurTxtMessage, $headers );
                      }

                  // Delete Our FAQ
                  $query_delete = "UPDATE `orbitfaq_users` SET password = '$encrypted_generated_password' WHERE `id` = '$user';";
                  $result_delete = $faqsql_query ($query_delete)OR DIE( "$sql_query_error $query_delete");

                  clearSmartyCompiled($SmartyCompileDir, $ClearSmartyCompiled);

                  $message = "User Password was Successfully Reset!";
                  header("Location: index.php?mod=$mod&message=$message");

                  exit;

                }

            }

              $query_users = "SELECT * from orbitfaq_users WHERE id = '$user'";
              $result_users = $faqsql_query ($query_users)OR DIE( "$sql_query_error $query_users");

              while ($row_users = $faqsql_fetch_array ($result_users)){
                $users_id = $row_users[0];
                $users_f_id = $row_users[1];
                $users_login = $row_users[2];
                $users_fullname = $row_users[3];
                $users_phone = $row_users[5];
                $users_msn = $row_users[6];
                $users_country = $row_users[7];
                $users_city = $row_users[8];
                $users_occupation = $row_users[9];
                $users_last_login = $row_users[10];
                $users_register_date = $row_users[11];
                $users_status = $row_users[12];
                $users_accesslvl = $row_users[13];

                // Assign our smarty details
                $smarty->assign("Errors","$error");
                $smarty->assign("posted_id","$users_id");
                $smarty->assign("posted_login","$users_login");
                $smarty->assign("posted_fullname","$users_fullname");



            }

          }
        else
          {
            clearSmartyCompiled($SmartyCompileDir, $ClearSmartyCompiled);
            $message = "You Did Not Enter a Valid FAQ Id!";
            header("Location: index.php?mod=$mod&message=$message");
          }
      } // End Change Access Level

    }
  else
    {
      $smarty_template_file = "$AdminFullPath/skins/$AdminSkin/mod_". $mod .".tpl";

      if($user != '')
        {
          $user_sql = " AND id = '$user' ";
          $smarty->assign("UserView","1");
        }

      $query_users = "SELECT * from orbitfaq_users WHERE accesslvl = 'user' $user_sql ORDER BY fullname ASC";
      $result_users = $faqsql_query ($query_users)OR DIE( "$sql_query_error $query_users");

      while ($row_users = $faqsql_fetch_array ($result_users)){
        $users_id = $row_users[0];
        $users_f_id = $row_users[1];
        $users_login = $row_users[2];
        $users_fullname = $row_users[3];
        $users_phone = $row_users[5];
        $users_msn = $row_users[6];
        $users_country = $row_users[7];
        $users_city = $row_users[8];
        $users_occupation = $row_users[9];
        $users_last_login = $row_users[10];
        $users_register_date = $row_users[11];
        $users_status = $row_users[12];
        $users_accesslvl = $row_users[13];

        if($users_row == '1')
          {
            $users_row = '0';
          }
        else
          {
            $users_row = '1';
          }

          if($user != '')
            {

              $query_groups = "SELECT title FROM orbitfaq_groups WHERE id = ANY (SELECT orbitfaq_users_groups.g_id FROM orbitfaq_users_groups, orbitfaq_users WHERE orbitfaq_users_groups.u_id = '$user') ORDER BY title ASC";
              $result_groups = $faqsql_query ($query_groups)OR DIE( "$sql_query_error $query_groups");

              while ($row_groups = $faqsql_fetch_array ($result_groups)){
                $group_title = $row_groups[0];

                $users_groups .= "$group_title<br />";

              }

            }


         // Build Smarty Content Array
         $smarty_users_array[] = array(
            "users_id" => "$users_id",
            "users_login" => "$users_login",
            "users_fullname" => "$users_fullname",
            "users_last_login" => "$users_last_login",
            "users_register_date" => "$users_register_date",
            "users_phone" => "$users_phone",
            "users_msn" => "$users_msn",
            "users_country" => "$users_country",
            "users_city" => "$users_city",
            "users_occupation" => "$users_occupation",
            "users_status" => "$users_status",
            "users_accesslvl" => "$users_accesslvl",
            "users_groups" => "$users_groups",
            "users_row" => "$users_row"
          );

      }

      // Send our Smarty Data
      $smarty->assign('UserListing',$smarty_users_array);
    }
?>